Fake news, unsecured devices – how to protect yourself and your call center

By Chris Knauer, Director of Global Security, TELUS International

Let’s talk about politics. No, really. 

Not the outcome of politics, but the way the Internet this year was used to create security holes all across the endpoint spectrum. Covering political events (like the U.S. election) or otherwise, the past two years saw a massive proliferation in fake news sites, using true and false stories strung together to create drama. While some of these sites were in the business of promoting their views, many were used simply to create traffic volume and revenue for their owners. But a few also had darker purposes – to infect your phone or PC with malware and turn them into secret weapons.

It’s also no coincidence that the Internet of Things (IoT) grew as weapons of attack against many legitimate websites in 2016. To attack these legitimate sites with a massive distributed denial of service (DDOS), hackers need lots of unsecured devices on the Internet. Please welcome fake news!

Building on strong interests or issues in any country, these fake news sites used a bit of social engineering and psychology to get the user to click on their site with dramatic fake news stories and/or subscribe to their emails. This allows the bad websites to secretly load up malware on the phone or PC.

These PCs or phones, now in control of the hackers, become network scouts and scan the home or office networks in search of new targets, such as a baby camera, thermostat, or printer, most of which have little to no security built in. Up to this point, these networks were safe (mostly) behind that router/firewall. Many home office employees even use a secured VPN for further protection.

With this malware loaded, this internal network security is trashed as the malware talks to the hackers on the outside and receives instructions. The network is now compromised and ready to be used by the hackers to launch more attacks elsewhere. Multiply this scenario times the sheer number of unsecured IoT devices and you now have a massive attack platform.

All of the above sounds scary – and it is! But it’s important to understand these potential threats and safeguard both your personal and professional environments. At TELUS International, we regularly remind both our employees and our clients to protect themselves and their businesses. Keep yourself safe this holiday season and into the New Year with our tips below:

At home:

• Use a strong antivirus program and make sure it is scanning your computer regularly.
• Never click on links in emails from untrusted sources. Check the email headers and make sure it is coming from a trusted source. If the sender address looks legitimate, but the tone of the email is odd or has unusual misspellings, don’t click on anything.
• Check your emotions when it comes to any website. If it feels like the website is playing on a bias or emotion it could be bait to get you to click further. Don’t fall for it! These sites are common during political change, disasters, and/or celebrity events.
• If you notice that your PC or phone is acting slower than usual, it may be signs of infection, even if you have antivirus software installed. If you use a local PC service or have a desktop technician available, it may be time to give them a call.

At work:

• If your in-house call center Average Handle Time has increased, despite no other changes to technology, process or call volume, look for signs of infected PCs as one possible issue. The newest infections are extremely stealthy and can hide their activities.
• Make sure your in-house and outsourced call centers have stringent access policies, especially where access to social media is as a part of their support function. Develop these policies with your security team and in collaboration with your outsourcer / BPO.
• Conduct security awareness training, simulations, and reminders on a regular basis. These attacks change constantly.
• Review your incident management procedures with your company’s internal security, privacy and business continuity planning teams.
• Collaborate with your outsourcers on ways to improve the security of your call centers while maintaining your service levels. This can be a combination of process and technology recommendations.

No matter your politics, no one wants to be fooled. Use common sense above emotions and you’ll reduce the likelihood of your network becoming a tool for hackers. And of course, we at TELUS International would be pleased to be your BPO partner in common sense!